Guarding Against a ‘Cyber 9/11’


ISIS and other terrorists are more technologically sophisticated than ever.

Two years ago this week, a pair of homegrown Islamic terrorists effectively shut down the city of Boston for two days following an attack with homemade explosives that killed three people during the Boston Marathon. Now imagine the potential loss of life from a terrorist assault on a major U.S. city paired with a cyberattack launched against that city’s police, fire, emergency management, communications and transportation systems.

The Internet provides an easy, low-cost and low-risk means for nonstate actors or terrorist groups to amplify the impact of any attack. But a large-scale cyberattack on critical infrastructure could prove devastating. Whether it’s called “Cyber 9/11” or “Cyber Pearl Harbor,” senior U.S. officials, including the president, have warned of the possibility of attacks launched by foreign hackers that could cripple the country by taking down the power grid, water infrastructure, transportation networks and the financial system.

Islamic State, aka ISIS, recently released a video threatening another 9/11-magnitude attack on the U.S. Clearly well-funded, ISIS has proved to be the most sophisticated terrorist group so far when it comes to utilization of digital media for recruitment and propaganda. Last week a French television network, TV5 Monde, was digitally commandeered by ISIS-inspired hackers who cut the transmission of 11 channels and took over the station’s website and social-media accounts for 24 hours.

A different type of cyberattack occurred in 2010, when Russian-affiliated hackers hit Estonia. The attack consisted partly of “ping attacks,” which overwhelmed servers. There were botnet attacks, which harnessed zombie computers from around the world to flood designated Internet addresses with useless, network-clogging data as part of a distributed denial-of-service (DDoS) attack. Hackers also infiltrated specific individual websites to delete content and post their own messages. Although relatively unsophisticated, these coordinated cyberattacks took down servers and websites related to major government and nongovernment institutions and communications networks—effectively taking the entire country offline for two weeks.

In a major U.S. city, a combined physical and cyber terrorist attack could result in hundreds wounded and killed. It could also impair first responders’ ability to get to the scene of the attack, and the ability of local government to communicate with the city’s population in a chaotic and confusing environment.

Some of these issues arose during al Qaeda’s 2005 suicide bombing attacks in London on three Underground trains and one bus. Cellular networks and radio channels used by emergency responders were severely congested due to the volume of traffic, resulting in delayed responses by medical and security personnel. Adding cyber-enhanced terrorism to the equation could exponentially increase the damage caused by a traditional terrorist attack.

In 2012 Congress took steps to address a long-standing recommendation from the 2004 9/11 Commission report, by mandating the development of a nationwide public-safety broadband network. Three years later, however, the network remains a work in progress.

The threat of cyber-enhanced terrorism must be addressed at the federal and local level. Although federal agencies, such as the National Security Agency, the Pentagon and the Department of Homeland Security, have primary responsibility for countering external cyberthreats, an attack on an American city would also require the mobilization of local law enforcement.

To prepare for the threat of cyber-enhanced terrorism, city governments must gain a more sophisticated understanding of the nature of cyberthreats and their various permutations and implications.

Metropolitan areas also should develop Computer Emergency Response Teams, which can coordinate the responses of local law enforcement and private industry with federal agencies. Intelligence collected at the national level should be shared with metropolitan governments. While federal-to-local intelligence sharing on counterterrorism has improved markedly in recent years, the sensitivity and difficulty of protecting sources and methods gleaned from cyber-intelligence collection have made this more complicated in the cyberthreat domain.

Perhaps most important, cities should increase their capacity to collect, monitor and analyze threat intelligence—in other words “connecting the dots”—before an attack occurs. The diversity and decentralization of the current terrorism threat, combined with the logarithmic growth in the capabilities of cyber-malefactors, make doing so more challenging than ever.

But it is possible. For example, actionable intelligence regarding the cyberattack on Estonia—including discussions concerning preparations for the attack—was present in closed forums in the Deep Web and Dark Net in the days leading up to the attack. But that intelligence was never acted on, largely because a plan to counteract such an attack was not in place beforehand.

To successfully prevent future attacks—whether cyber-enhanced terrorism or otherwise—federal and local authorities in likely urban targets will need to increase their cyber situational awareness, preparedness and resilience. Critical to these efforts will be a commitment to the early detection and identification of warning signals from all sources, including the deepest reaches of cyberspace.

Mr. Silber is executive managing director of K2 Intelligence and former director of intelligence analysis for the New York Police Department. Mr. Garrie is the founder and editor in chief of the Journal of Law and Cyber Warfare.


Henry Sapiecha
